Finconnect (Australia) Pty Ltd ABN 45 122 896 477 Trading as “eChoice” provides Mortgage Broking services to consumers and Aggregation services to Finance Brokers and other intermediaries. This policy describes how your personal information is handled by us.
Finconnect provide Mortgage Broking, Aggregation and other services. Finconnect must follow the Privacy Act and Australian Privacy Principles (APPs).
In this policy, “we”, “us” or “our” means Finconnect.
In addition to the Privacy Act, individuals located in the European Union (EU) may also have rights under EU based rules known as the General Data Protection Regulation (GDPR). The GDPR has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their personal information.
Details of additional rights of individuals located in the EU and how we meet them are outlined in Appendix 1.
We take privacy seriously and are committed to ensuring the protection of your personal information, no matter where you are located.
We protect your information and aim to be clear and open about what we do with it. You can find more information in places like our application forms and terms and conditions.
We understand that your privacy is important to you, and we value your trust. That’s why we protect your information and aim to be clear and open about what we do with it. This policy explains how we handle your personal information. It also includes:
During your relationship with us, we may tell you more about how we handle your information — for example, when you fill in an application or receive terms and conditions. You should always read these documents carefully.
We collect information about you when you use our products or services, or deal with us. We may also collect information about you from other people and organisations.
We collect personal information about you when you contact us, use our products or services, visit our websites or use our technology platforms or deal with us in some other way.
The information we collect from you may include:
Other personal information, such as details of your interactions with us. We also record phone calls for quality and training purposes. If you do not wish for your call to be recorded, please let your consultant know at the time of the call.
We collect information about you from others, such as:
For example, if you apply for credit, we may ask a credit reporting body for your credit report. We may also collect information about you that is publicly available (for example, in public registers or on social media) or provided by businesses we deal with.
The Privacy Act protects your sensitive information — such as information about your religion, ethnicity, health or biometrics (for example, your fingerprints). If we need this type of information, we’ll ask for your permission — except where otherwise allowed by law.
We’re careful about how we use your information. We use it to deliver our products and services. We also use your information for other reasons, such as to better understand you and your needs, and to let you know about other products and services you might be interested in.
We collect, use and exchange your information so we can:
We may also collect, use and exchange your information for other reasons where the law allows or requires us.
From time to time, we may also use your information to tell you about products or services we think you might be interested in. To do this, we may contact you by:
If you don’t want to receive direct marketing messages or want to change your contact preferences, email info@eChoice.com.au.
We’re always working to improve our products and services and give you the best customer experience.
New technologies let us combine information we have about you and our other customers, for example transaction information, with data from other sources, such as third-party websites or the Australian Bureau of Statistics. We analyse this data to learn more about you and other customers, and how to improve our products and services.
We sometimes use this combined data to help other businesses better understand their customers. When we do, we don’t pass on any personal information about you.
We may share your information with others for the reasons mentioned in Section 4.
We may also share your information with third parties for the reasons in Section 4 or where the law otherwise allows. These third parties can include:
Sometimes, we may send your information overseas, including to:
If we do this, we make sure there are arrangements in place to protect your information.
If you ask us for credit assistance, we may check your credit reports. We get these from credit reporting bodies. We also share your credit information with them so they can provide credit reports to others.
When you apply to us for credit assistance, we may need to check your credit reports.
A credit report gives us information about your credit history. Credit reports are provided by credit reporting bodies, who collect and share credit information with credit providers like us, and other service businesses like phone companies.
The Privacy Act limits the information we can give to credit reporting bodies, and that they can give us. The Act also limits how we can use credit reports.
The information we can share with credit reporting bodies includes:
Credit reporting bodies include this information in their reports to assist other credit providers to assess your credit worthiness.
We can also ask credit reporting bodies to give us your overall credit score, and may use credit information from credit reporting bodies together with other information to arrive at our own scoring of your ability to manage credit.
The credit reporting bodies we use are Equifax Pty Ltd, you can download a copy of their privacy policies at:
We use information from credit reporting bodies to:
We keep your credit information with your other information. You can view this information or ask us to correct it if it’s wrong (see Section 8) or make a complaint to us (see Section 9).
Direct Marketing — Credit providers like us can ask credit reporting bodies to use your credit information to pre- screen you for direct marketing purposes, but you can tell credit reporting bodies not to (see Section 10).
Preventing identity fraud — If you think you have been or could be a victim of fraud — for example, if someone else may be using your name to apply for credit — you can ask the credit reporting body not to use or give anyone your credit information.
Our staff are trained in how to keep your information safe and secure. We use secure systems and buildings to hold your information. We aim to only keep your information for as long as we need it.
We store your hard copy and electronic records in secure buildings and systems, or using trusted third parties. Here are some of the things we do to protect your information.
|Staff Training||We train our staff in how to keep your information safe and secure.|
|Secure handling and storage||When we send information overseas or use third parties that handle or store data, we put arrangements in place to protect your information.|
|System Security||When you log into our websites or apps, we encrypt data sent from your computer to our systems so no one else can access it.
We have firewalls, intrusion detection and virus scanning tools to stop viruses and unauthorised people accessing our systems.
When we send your electronic data to other organisations, we use secure networks or encryption.
We use passwords and/or smartcards to stop unauthorised people getting access.
|Building Security||We use a mix of access restriction, cameras, guards and other controls in our buildings to prevent unauthorised access.|
|Destroying or de-identifying data when no longer required||We aim to keep personal information only for as long as we need it – for example for business or legal reasons. When we no longer need information, we take reasonable steps to destroy or de-identify it.|
You can contact us and ask to view your information. For more detailed information, you may need to fill out a request form. If your information isn’t correct or needs updating, let us know straight away.
You can ask us for a copy of your information, like your transaction files or a copy of any credit information we have about you, by going online or calling us.
For more detailed information, like what we’ve included in your file, you’ll need to fill out the Request for Access to Personal Information form included at the end of this policy. Send it to us using the contact details in Section 10.
There is no fee to ask for your information, but sometimes we may charge a maximum of $100.00 (AUD) as an access fee to cover the time we spend finding and collating the information you want. If there’s a fee, we’ll let you know how much it is likely to be, so you can choose if you want to go ahead. Generally, the fee is an hourly rate plus photocopying costs and other expenses. You’ll need to pay us before we start, or give us permission to take it out of your account.
We try to make your information available within 30 days after you ask us for it. Before we give you the information, we’ll need to confirm your identity.
In some cases, we can refuse access or only give you access to certain information. For example, we might not let you see information that is commercially sensitive. If we do this, we’ll write to you explaining our decision.
It’s important that we have your correct details, such as your current home and email addresses and phone number. You can check or update your information at any branch, or by logging in to one of our websites or calling us (see Section 10).
You can ask us to correct or update any information we have (including credit information). See Section 10 for ways to contact us. If we’ve given the information to another party, you can ask us to let them know it’s incorrect. We won’t charge a fee for this.
If the incorrect information was given to us by a credit reporting body, we may need to check with them or the relevant credit provider before we can change it. We’ll try to do this within 30 days. If we can’t, we’ll let you know why it’s taking longer and agree on a new timeframe with you. We’ll also tell you when we’ve corrected the information.
If we don’t think the information needs correcting, we’ll write to let you know why. You can ask us to include a statement with the information that says you believe it’s inaccurate, incomplete, misleading or out of date.
If you have a concern or complaint about your privacy, let us know and we’ll try to fix it. If you’re not satisfied with how we handle your complaint, there are other things you can do.
We try to get things right the first time — but if we don’t, we’ll do what we can to fix it. If you are concerned about your privacy (including credit information), you can make a complaint and we’ll do our best to resolve it.
To make a complaint, contact one of our staff or customer service teams. We’ll look into the issue and try to fix it straight away. If you’re not satisfied, you can call our Customer Relations team. See Section 10 for contact details.
If your complaint is about your credit information, we may need to check with credit reporting bodies or the credit provider involved. We’ll let you know we’ve received your complaint within seven days. If we cannot resolve it within 30 days, we’ll get in touch to tell you why and work out a new timeframe with you.
If you’re not satisfied with how we manage your complaint after you’ve been through our internal complaints process, there are free and independent dispute resolution services available to you.
The Australian Financial Complaints Authority can consider most complaints involving financial services providers.
If your complaint is about how we handle your personal information, you can also contact the Office of the Australian Information Commissioner (OAIC).
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
Phone 1300 363 992
If you want to update your personal information, or if you have a privacy concern, need more information, or want to update your preferences — help is just a phone call or a few clicks away.
|To ask a question, access your personal information, make a correction or a complaint, or get a printed version of this policy||General||Phone +61 2 9240 8900
|If you’ve raised your concern with one of our staff and aren’t satisfied||Complaints||Phone +61 2 9240 8900
Write to us: Finconnect, Level 5, 55 Mountain Street, Ultimo NSW 2007
|To update your preferences about how we contact you or ask not to receive direct marketing||Direct marketing||Phone +61 2 9240 8900
|For more information about the Australian Privacy Principles and credit reporting rules||The Office of the Australian Information Commissioner||Visit oaic.gov.au|
We try to provide you with your information within 30 days. We’ll need to verify your identity before completing your request.
In certain circumstances we’re allowed to deny or limit the access we provide. If so, we’ll let you know in writing our reasons for refusing your request.
Email: info@eChoice.com.au or Post it to: Finconnect, Level 5, 55 Mountain Street, Ultimo NSW 2007
The European Union (EU) General Data Protection Regulation (GDPR) has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their personal information. In this Appendix, “personal information” means any information relating to an identified or identifiable natural person (the meaning given to the term “personal data” in the GDPR).
Personal information must be processed in a lawful, fair and transparent manner. As such, if you are located in the EU, GDPR requires us to provide you with more information about how we collect, use, share and store your personal information as well as advising you of your rights as a ‘data subject’.
If you are located in the EU and have an enquiry relating to your rights under the GDPR, please contact: info@eChoice.com.au
The GDPR provides additional protection for personal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation. We will only process this type of personal information with your consent or where otherwise lawfully permitted.
We will keep your personal information while you are a customer of Finconnect. We aim to keep your personal information for only as long as we need it.
We generally keep your personal information for up to 7 years after you stop being a customer but we may keep your personal information for longer:
We can only collect and use your personal information if we have a valid lawful reason to do so. The reasons are:
|How we use your personal information||Our reasons||Our legitimate interests|
|To confirm your identity||
|To assess your application for a product or service||
|To manage our relationship with you||
|To minimise risks and identify or investigate fraud and other illegal activities||
|To contact you, for example, when we need to tell you something important||
|To improve our service to you and your experience with us||
|To comply with laws, and assist government or law enforcement agencies||
|To manage our business||
We may use your information for direct marketing purposes. We will only do this with your consent.
|The right to be informed how personal information is processed||You have the right to be informed how your personal information is being collected and used. If we require your consent to process your personal information you can withdraw consent at any time. If you withdraw consent, we may not be able to provide certain products or services to you. The right to withdraw only applies when the lawful basis of processing is consent.|
|The right of access to personal information||You can access your personal information that we hold by emailing: firstname.lastname@example.org.|
|The right to rectification||You have the right to question any personal information we have about you that is inaccurate or incomplete. If you do, we will take reasonable steps to check the accuracy and correct it.|
|The right to erasure||You have the right to ask us to delete your personal information if there is no need for us to keep it. You can make the request verbally or in writing. There may be legal or other reasons why we need to keep your personal information and if so we will tell you what these are.|
|The right to restrict processing||You have the right to ask us to restrict our use of your personal information in some circumstances. In this situation we would not use or share your personal information while it is restricted. This is not an absolute right and only applies in certain circumstances.|
|The right to data portability||In some circumstances you have the right to request we provide you with a copy of the personal information you have provided to us in a format that can be easily reused.|
|The right to object||In some circumstances you have the right to object to us processing your personal information.|
|Rights in relation to automated decision making and profiling||We sometimes use systems to make automated decisions (including profiling) based on personal information we have collected from you or obtained from other sources such as credit reporting bodies. These automated decisions can affect the products or services we offer you. You can ask that we not make decisions based on automated score alone or object to an automated decision and ask that a person review.|
|The right to lodge a complaint with a supervisory authority||You have the right to complain to the regulator if you are not happy with the outcome of a complaint.
See the ‘Regulator Contact Details’ section for more information.
The individual regulator websites will tell you how to report a concern.
Please note that while any changes you make to your personal information will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of our products and services.
The UK data protection authority is:
Information Commissioner’s Office Wycliffe House
Wilmslow Cheshire SK9 5AF UK
For other European jurisdictions please refer to the European Commission website for details of the relevant data protection authorities.